Read the indictment against Iranian hackers

The Trump administration announced sanctions and criminal indictments against an Iranian hacker network it said was involved in “one of the largest state-sponsored hacking campaigns” ever prosecuted by the United States, targeting hundreds of U.S. and foreign universities, as well as dozens of U.S. companies and government agencies, and the United Nations.

UNITED STATES DISTRICT COURTSOUTHERN DISTRICT OF NEW YORK

- UNITED STATES OF AMERICA

SEALED INDICTMENTGHDLAMREZA RAFATNEJAD, 18 Cr.

EHSAN MOHAMMADI,AEDOLLAH KARIMA,

a/k/a ?Vahid Karima,?MUSTAFA SRDEGHI,SEYED ALI MIRKARIMI,

MDHAMMED REZA SABAHI, IROOZBEH SABAHI, ABUZAR GOHARI MOQADAM, and

SAJJAD TAHMASEBI,

Defendants.

COUNT ONE(Conspiracy to Commit Computer Intrusions}

The Grand Jury charges:

1. At all times relevant to this Indictment,GHOLAMREZA RAFATNEJAD, EHSAN MOHAMMADI, ABDOLLAH KARIMA, a/k/a?Vahid Karima," MOSTAFA SADEGHI, SEYED ALI MIRKARIMI, MDHAMMEDREZA SABAHI, ROOZBEH SABAHI, ABUZAR GOHARI MOQADAM, and SAJJADTAHMASEBI, the defendants, all of whom were nationals of theIslamic Republic of Iran (?Iran?) living and working withinIran, were leaders, contractors, associates, hackers for hire,

and affiliates of the Mabna Institute, an Iran?based company

that conducted massive, coordinated cyber intrusions intocomputer systems belonging to at least approximately 144 UnitedStates?based universities, including two universities based inthe Southern District of New York (?University?1" andIn addition, the defendants conducted cyberintrusions into computer systems belonging to at least 175universities located in 21 foreign countries, includingAustralia, Canada, China, Denmark, Finland, Germany, Ireland,Israel, Italy, Japan, Malaysia, Netherlands, Norway, Poland,Singapore, South Korea, Spain, Sweden, Switzerland, Turkey, andthe United Kingdom. The defendants conducted this activity atthe behest of the government of Iran, specifically the IslamicRevolutionary Guard Corps which is one of severalentities within the Government of Iran responsible for gatheringintelligence.

2. Since at least approximately 2013, the members ofthe conspiracy compromised thousands of accounts belonging toprofessors at victim_universities and targeted academic data andintellectual property for theft, which, during the course of theconspiracy, cost the affected United States-based universitiesat least approximately $3.4 billion dollars to procure and

access. The stolen data, as well as access to compromised

university accounts, was used to benefit the IRGC and otherIranian customers, including Iran-based universities.

3. At the same time that the defendants weretargeting, compromising, and stealing data from universitiesaround the world, they also compromised the computer systems ofat least five U.S. federal and state government agencies, atleast 36 private sector companies, and at least two non-governmental organizations

MEANS AND METHODS OF THE CONSPIRACY

University Hacking Campaign

4. In conducting their hacking attacks of universityvictims, members of the conspiracy organized their activitiesinto various phases, generally summarized as follows:

a. First, members of the conspiracy conductedonline reconnaissance of university professors, including todetermine these professors? research interests and the academicarticles they had published.

b. Second, customised spearphishing emails werecreated. Spearphishing emails are emails sent to a targetseeking to induce action that would allow the sender to obtainunauthorized access to the recipient victim's computer system-This can be accomplished in a number of ways, including, but not

limited to, tricking the target into unwittingly providing his

or her account login credentials to allow the attacker toremotely log into, and obtain unauthorized access to, thevictim?s online accounts. The spearphishing emails created bythe conspiracy purported to be sent from professors at oneuniversity, and were directed to victim professors at anotheruniversity. In general, those spearphishing emails indicatedthat the sender had read an article the victim professor hadrecently published, and expressed an interest in several otherarticles. The sender provided links to those additionalarticles. If the victim professor clicked on certain links, heor she would be directed to a malicious Internet domain named toappear confusingly similar to the authentic domain of therecipient professor?s university. The malicious domaincontained a webpage designed to appear to be the login webpagefor the victim professor's university. It was the conspirators?intent that the victim professor would be led to believe that heor she had inadvertently been logged out of his or heruniversity?s computer system prompting the victim professor forhis or her login credentials, the username and passwordfor his or her university account. If a professor then enteredhis or her login credentials, those credentials were then logged

and captured by the hackers.

c. Third, the members of the conspiracy usedstolen account credentials and obtained unauthorized access tovictim professor accounts, through which they then exfiltrated,or transferred to themselves, academic data and documents fromthe systems of compromised universities, including, among otherthings, academic journals, theses, dissertations and electronicbooks. The defendants targeted data across all fields ofresearch and academic disciplines, including science andtechnology, engineering, social sciences, medical and otherprofessional fields. At least approximately 31.5 terabytes ofacademic data and intellectual property from compromiseduniversities was stolen and exfiltrated to servers under thecontrol of members of the conspiracy located in countriesoutside the United States.

5. Over the course of this hacking conspiracy, thedefendants and their co?conspirators targeted over 100,000professor accounts worldwide with spearphishing messages,approximately half of which targeted professors at UnitedStates?based universities. As a result of those spearphishingattacks, the conspiracy successfully compromised at leastapproximately 7,998 accounts worldwide, of which at leastapproximately 3,768 belonged to professors at United States?

based victim universities.

6. The exfiltrated data and the stolen logincredentials of university professors were obtained for thebenefit of the IRGC, and were also sold within Iran, includingthrough two websites, Megapaper.ir (?Megapaper?) andGigapaper-ir (?Gigapaper?). Megapaper was operated by FalinoosCompany (?Falinoos?), a company controlled by ABDOLLAH KARIMA,an/a ?Vahid Karima," the defendant, and Gigapaper wasaffiliated with KARIMA. Megapaper sold stolen academicresources to customers within Iran, including Iranrbased publicuniversities and institutions, and Gigapaper sold a service tocustomers within Iran whereby purchasing customers could usecompromised university professor accounts to directly access theonline library Systems of particular United States-based andforeign universities.

Private Sector Hacking Victims

7. In addition to targeting and compromisinguniversities, the Mabna Institute defendants targeted andcompromised.employee email accounts for at least approximately36 United.States?based private companies, and at leastapproximately eleven private companies based in Germany, Italy,Switzerland, Sweden, and the United Kingdom, and exfiltrated

entire email mailboxes from compromised employees? accounts.

Among the United States-

based private sector victims were the

following:a. Three academic publishers;b. Two media and entertainment companies;c. One law firm;d. Eleven technology companies;e. Five consulting firms;f. Four marketing firms;g. Two banking and/or investment firms;h. Two online car sales companies;i. One healthcare company;j. One employee benefits company;k. One industrial machinery company;1. One biotechnology company;m. One food and beverage company; andn. One stock images company.8. In order to compromise accounts of private sector

victims, members of the

conspiracy used a technique known as

?password spraying," whereby they first collected lists of names

and email accounts associated with the intended victim company

through open source Internet searches. Then, they attempted to

gain access to those accounts with commonly-used passwords, such

as frequently used default passwords, in order to attempt to

7

obtain unauthorized access to as many accounts as possible.

Once they obtained access to the victim accounts, members of theconspiracy, among other things, exfiltrated entire emailmailboxes from the victims. In addition, in many cases, thedefendants established automated forwarding rules forcompromised accounts that would prospectively forward newoutgoing and incoming email messages irom the compromised

accounts to email accounts controlled by the conspiracy.

U.S. Government and NGO Hacking Victims

9. In the same time period as the university andprivate sector hacking campaigns described above, the MabnaInstitute also conducted a computer hacking campaign againstvarious governmental and non?governmental organisations withinthe United States. During the course of that campaign, employeelogin credentials were stolen by members of the conspiracythrough password spraying. Among the victims were the

following, all based in the United States:

a. United States Department of Labor;

b. Federal Energy Regulatory Commission;

c. State of Hawaii;

d. State of Indiana;

e. State of Indiana Department of Education;f. United Nations; and

g. United Nations Children?s Fund.

RELEVANT PERSONS AND ENTITIES

10. At all times relevant to this Indictment, theMabna Institute was an organization founded in or about 2013,and was set up in order to assist Iranian universities, as wellas scientific and research organizations, to obtain access tonon?Iranian scientific resources. The Mabna Institutecontracted with Iranian governmental and private entities toconduct hacking activities on their behalf. The Mabna Instituteconducted the university spearphishing campaign specifically on

behalf of the IRGC. The Mabna Institute logo appears below.

11. At all times relevant to this Indictment,GHOLAMREZA RAFATNEJAD, the defendant, was a founding member ofthe Mabna Institute. Among other things, RAFATNEJAD organisedthe Mabna Institute hacking campaign which targeted

universities, sent and received compromised credentials

belonging to victim professors to and from co?conspirators,organized stolen professor credentials, and controlled maliciousdomains that were used to target university victims. RAFATNEJADhad the contact with the IRGC that funded certain aspects of theMabna Institute hacking campaign that targeted universities.

12. At all times relevant to this Indictment, EHSANMOHAMMADI, the defendant, was a founding member of the MabnaInstitute, and served as the Mabna Institute's ManagingDirector. Along with GHOLAMREZA RAFATNEJAD, the defendant,MOHAMMADI also helped organize the Mabna Institute campaignwhich targeted universities, and received compromisedcredentials to victim professors' accounts from co?conspirators.MOHAMMADI was also responsible for managing the finances of theMabna Institute, including with respect to the Mabna Institute?scomputer hacking and exploitation operations.

l3. At certain times relevant to this Indictment,ABDOLLAH KARIMA, a/k/a ?Vahid Karima," the defendant, was anIran-based_businessman who owned and operated Falinoos, acompany operating in Iran that sold access to academicmaterials. Through Falinoos, KARIMA entered into contracts withmultiple Iranian public universities to sell them access toacademic materials that had been stolen from U.S. and foreign

universities through computer intrusions. KARIMA contracted

10

with the Mabna Institute to direct certain of the hackingactivities described in this Indictment, and sold academicmaterials that had been stolen through the computer intrusionstargeting united States?based and foreign universities throughvarious websites operated by Falinoos, including Megapaper, andexchanged stolen professor credentials with the operators of theGigapaper website. KARIMA was regularly provided withcompromised login credentials for professors at various victimuniversities from other members of the conspiracy.

14. At all times relevant to this Indictment, MOSTAFASADEGHI, the defendant, was a prolific Iran?based computerhacker who was an affiliate of the Mabna Institute. SADEGHIpersonally compromised over approximately 1,000 victim professoraccounts through the course of the spearphishing campaign.SADEGHI exchanged credentials for compromised professor accountswith GHOLAMREZA RAFATNEJAD and ABDOLLAH KARIMA, afkfa ?VahidKarima," the defendants, and provided training to RAFATNEJAD oncomputer hacking techniques, specifically focused oncompromising university-based accounts. SADEGHI was alsoinvolved in the operation of, and maintained a financialinterest in, the Megapaper website.

15. At certain times relevant to this Indictment,

SEYED ALI MIRKARIMI, the defendant, was an Iran?based hacker and

11

contractor for the Mabna Institute. MIRKARIMI participated in awide range of Mabna Institute hacking projects, including thespearphishing campaign that targeted universities and hackingefforts that targeted private sector companies, governmentorganizations, and NGOs. MIRKARIMI was involved in many aspectsand phases of the hacking activity, including, but not limitedto, crafting and testing spearphishing emails, registeringmalicious domains that were used to target victim universities,compiling targeting lists, and organizing stolen credentials.16. At certain times relevant to this Indictment,MOHAMMED REZA SABAHI, the defendant, was an Iranebasedcontractor for the Mabna Institute. MOHAMMAD REZA SABAHI helpedcarry out the spearphishing campaign, which targeteduniversities by, among other things, conducting onlinereconnaissance of victim university systems, creating targetinglists of victim professors, and cataloging academic databases atvictim universities that were targeted by the hacking campaign.17. At certain times relevant to this Indictment,ROOZBEH SAEAHI, the defendant, was an Iran-based contractor forthe Mabna Institute. ROOZBEH SABAHI helped carry out thevarious hacking activities of the Mabna Institute by, amongother things, organizing stolen credentials obtained by Mabna

Institute hackers, including credentials for accounts belonging

12

to victim professors, and accounts belonging to employees ofprivate sector, government, and NGD victims of the MabnaInstitute.

18. At certain times relevant to this Indictment,ABUZAR GDHARI MOQADAM, the defendant, was an Iran-basedprofessor and affiliate of the Mabna Institute who exchangedcredentials for compromised accounts with Mabna Institutefounders GHOLAMREZA RAFATNEJAD and EHSAN MOHAMMADI, thedefendants.

STATUTORI ALLEGATIONS20. From at least in or about 2013 through at leastin or about December 2017, in the Southern District of New Yorkand elsewhere, GHDLAMREZA RAFATNEJAD, EHSAN MOHAMMADI, ABDOLLAHKARIMA, a/k/a ?Vahid Karima," MOSTAFA SADEGHI, SEYED ALI

MIRKARIMI, MOHAMMED REZA SABRHI, ROOZBEH SABRHI, ABUZAR GOHARI

13

MOQADAM, and SAJJAD TAHMASEBI, the defendants, and others knownand unknown, willfully and knowingly combined, conspired,confederated, and agreed together and with each other to commitcomputer intrusion offenses in violation of Title 18, UnitedStates Code, Sections 1030(a)(2), 1030(a)(6} and 1030(c)(2)(A).

21. It was a part and an object of the conspiracythat GHOLAMREZA RAFATNEJAD, EHSAN MOHAMMADI, ABDOLLAH KARIMA,a/k/a ?Vahid Karima," MOSTAFA SADEGHI, SEYED ALI MIRKARIMI,MOHAMMED REZA SABAHI, ROOZEEH SAEAHI, ABUZAR GOHARI MDQADAM, andSAJJAD TAHMASEBI, the defendants, and others known and unknown,would and did intentionally access computers withoutauthorization, and exceed authorized access, and thereby wouldand did obtain information from protected computers, forpurposes of commercial advantage and private financial gain, andthe value of the information obtained would and did exceed$5,000, in violation of Title 18, United States Code, Sectionsand

22. It was further a part and an object of theconspiracy that GHOLAMREZA RAFATNEJAD, EHSAN MOHAIVMADI, ABDOLLAHKARIMA, an/a ?Vahid Karima," MOSTAFA SADEGHI, SEYED ALIMIRKARIMI, MOHAMMED SAEAHI, ROOZBEH SABAHI, AEUZAR GOHARI

MOQADAM, and SAJJAD TAHMASEBI, the defendants, and others known

14

and unknown, knowingly and with the intent to defraud, would anddid traffic in passwords and similar information through whichcomputers may be accessed without authorization, in transactionsaffecting interstate and.foreign commerce, and involvingcomputers used by and for the Government of the United States,in violation of Title 18, United States Code, Sections1030(a)(5} and

(Title 18, United States Code, Section

COUNT TWO(Conspiracy to Commit Wire Fraud)

The Grand Jury further charges:

23. The allegations contained in paragraphs 1 through19 of this Indictment are repeated and realleged as if fully setforth herein.

24. From.at least in or about 2013 through at leastin or about December 2017, in the Southern District of New Yorkand elsewhere, GHOLAMREZA RAFATNEJAD, EHSAN MOHAMMADI, ABDOLLAHKARIMA, afk/a ?Vahid Karima," MOSTAFA SADEGHI, SEYED ALIMIRKARIMI, MOHAMMED REZA SABRHI, ROOZBEH SABAHI, ABUZAR GOHARIMOQADAM, and SAJJAD TAHMASEBI, the defendants, and others knownand unknown, willfully and knowingly did combine, conspire,

confederate, and agree together and with each other to commit

15

wire fraud, in violation of Title 18, United States Code,Section 1343.

25. It was a part and object of the conspiracy thatGHOLAMREZA RAFATNEJAD, EHSAN MOHAMMADI, AEDOLLAH KARIMA, a k/ a?Vahid Karima,? MOSTAFA SADEGHI, SEYED ALI MIRKARIMI, MDHAMMEDREZA SABAHI, ROOZBEI-I SABAHI, ABUZAR GOHARI MOQADAM, and SAJJADTAHMASEEI, the defendants, and others known and unknown,willfully and knowingly, having devised and intending to devisea scheme and artifice to defraud and for obtaining money andproperty by means of false and fraudulent pretenses,representations, and promises, would and did transmit and causeto be transmitted by means of wire, radio, and televisioncommunication in interstate and foreign commerce, writings,signs, signals, pictures, and sounds for the purpose ofexecuting such scheme and artifice, in violation of Title 18,United States Code, Section 1343.

26. The allegations contained in paragraphs 1 through19 of this Indictment are repeated and realleged as if fully setforth herein.

From_at least in or about May 2014 through atleast in or about April 2017, in the Southern District of NewYork and elsewhere, GHOLAMREZA RAFATNEJAD, EHSAN MOHAMMADI,ABDOLLAH KARIMA, a/k/a ?Vahid Karima," MOSTAFA SADEGHI, SEYEDALI MIRKARIMI, REZA ROOZBEH SABAHI, ABUZARGOHARI MOQADAM, and SAJJAD TAHMASEBI, the defendants, willfullyand intentionally accessed a computer without authorization andexceeded authorized access, and thereby would and did obtaininformation from a protected computer, for purposes ofcommercial advantage and private financial gain, and the valueof which exceeded $5,000, to wit, RAFATNEJAD, MOHAMMADI, KARIMA,SADEGHI, MIRKARIMI, REZA SABAHI, ROOZBEH SARAHI, GOHARIMOQADAM, and TAHMASEBI conducted, and aided and abetted inconducting, computer intrusions to gain unauthorized access tothe computer systems of University?l, and obtained and soldacademic resources stolen from University?1 as well as access to

compromised University?l professor accounts.17

(Title 18, United States Code, Sections 1030(a)(2),and 2-)

COUNT FOUR{Wire Fraud}

The Grand Jury further charges:

28. The allegations contained in paragraphs 1 through19 of this Indictment are repeated and realleged as if fully setforth herein.

29. From at least in or about May 2014 through in orabout April 2017, in the Southern District of New York andelsewhere, GHOLAMREZA RAFATNEJAD, EHSAN MOHAMMADI, ABDOLLAHKARIMA, a/k/a ?Vahid Karima,? MOSTAFA SADEGHI, SEYED ALIMIRKARIMI, MDHAMMED REZA SABAHI, ROOZBEH GOHARIMOQADAM, and SAJJAD TAHMASEBI, the defendants, willfully andknowingly, having devised and intending to devise a scheme andartifice to defraud, and for obtaining money and property bymeans of false and fraudulent pretenses, representations, andpromises, did transmit and cause to be transmitted by means ofwire, radio, and television communication in interstate andforeign commerce, writings, signs, signals, pictures, and soundsfor the purpose of executing such scheme and artifice, to wit,MDHAMMADI, KARIMA, SADEGHI, MIRKARIMI, MOHAMMED-REZA

SABAHI, ROOZBEH SABAHI, GOHARI MOQADAM, and TAHMASEBI obtained

18

University-l professor login credentials throughmisrepresentations, including, by among other means, sendingspearphishing messages and directing University?1 professors tofake login pages, and then using and aiding and abetting othersin using those login Credentials to access university?1'scomputer systems without authorization.

(Title 18, United States Code, Sections 1343 and

COUNT FIVE

(Computer Fraud Unauthorized Access forPrivate Financial Gain)

The Grand Jury further charges:

30. The allegations contained in paragraphs 1 through19 of this Indictment are repeated and realleged as if fully setforth herein.

31. From at least in or about June 2014 through atleast in or about November 2016, in the Southern District of NewYork and elsewhere, GHOLAMREZA RAFATNEJAD, EHSAN MOHAMMADI,ABDOLLAH KARIMA, a/k/a ?Vahid Karima,? MOSTAFA SADEGHI, SEYEDALI MIRKARIMI, MOHAMMED REZA SABAHI, RODZBEH SARAHI, ABUZARGOHARI MDQADAM, and SAJJAD TAHMASEBI, the defendants, willfullyand intentionally accessed a computer without authorization andexceeded authorized access, and thereby would and did obtain

32. The allegations contained in paragraphs 1 through19 of this Indictment are repeated and realleged as if fully setforth herein.

33. From at least in or about June 2014 through atleast in or about November 2016, in the Southern District of NewYork and elsewhere, GHOLAMREZA RAFATNEJAD, EHSAN MOHAMMADI,KARIMA, a/k/a ?Vahid Karima,? MOSTAFA SADEGHI, SEYEDALI MIRKARIMI, MOHAMMED REZA SABAHI, ROOZBEH SABAHI, ABUZARGDHARI MOQADAM, and SAJJAD TAHMASEBI, the defendants, willfully

and knowingly, having devised and intending to devise a scheme

20

and artifice to defraud, and for obtaining money and property bymeans of false and fraudulent pretenses, representations, andpromises, did transmit and cause to be transmitted by means ofwire, radio, and television communication in interstate andforeign commerce, writings, signs, signals, pictures, and soundsfor the purpose of executing such scheme and artifice, to wit,RAFATNEJAD, MOHAMMADI, KARIMA, MIRKARIMI, MOHAMMED REZAROOZBEH SABAHI, GOHARI MOQADAM, and TAHMASEBI obtainedUniversitysz professor login credentials throughmisrepresentations, including, by among other means, sendingspearphishing messages and directing Universityrz professors tofake login pages, and then using and aiding and abetting othersin using those login credentials to access UniversitYFZ'scomputer systems without authorization.

(Title 18, United States Code, Sections 1343 and 2.)

COUNT SEVEN(Aggravated Identity Theft}

The Grand Jury further charges:34. The allegations contained in paragraphs 1 through19 of this Indictment are repeated and realleged as if fully setforth herein.35. From at least in or about 2013 through at least

in or about December 2017, in the Southern District of New York21

and elsewhere, GHDLAMREZA RAFATNEJAD, EHSAN MOHAMMADI, ABDOLLAHKARIMA, a/k/a ?Vahid Karima," MOSTAFA SADEGHI, SEYED ALIMIRKARIMI, MOHAMMED REZA SAEAHI, ROOZBEH SABAHI, ABUZAR GDHARIMDQADAM, and SAJJAD TAHMASEBI, the defendants, knowinglytransferred, possessed, and used, without lawful authority, ameans of identification of another person, during and inrelation to a felony violation enumerated in Title 18, UnitedStates Code, Section 1028A(c), and aided and abetted the same,to wit, RAFATNEJAD, MOHAMMADI, KARIMA, SADEGHI, MIRKARIMI,MOHAMMED REZA SABRHI, RDOZBEH SABAHI, GDHARI MOQADAM, andTAHMASEBI transferred, possessed, and used, and aided andabetted the transfer, possession, and use of, the logincredentials including usernames and passwords of variousprofessors at United States universities during and in relationto the wire fraud and computer fraud offenses charged in CountsOne through Six of this Indictment.

(Title 18, United States Code, Sections 1028A{a){1), and 2.)

FORFEITURE ALLEGATION AS TO COUNTS ONE,THREE, AND FIVE

35. As a result of committing one or more of theoffenses alleged in Counts One, Three, and Five of this

Indictment, RAFATNEJAD, EHSAN MOHAMMADI,

22

KARIMA, a/k/a ?Vahid Karima," MOSTAFA SADEGHI, ALI MIRKARIMI,MOHAMMED REZA SABAHI, ROOZEEH SABAHI, AEUZAR GOHARI MOQADAM, andSAJJAD TAHMASEBI, the defendants, shall forfeit to the UnitedStates, pursuant to Title 18, United States Section, Section1030(i), any and all property, real or personal, constituting orderived from, any proceeds obtained directly or indirectly, as aresult of said offenses, and any and all personal property thatwas used or intended to be used to commit or to facilitate thecommission of said offenses, including but not limited to a sumof money in United States currency representing the amount ofproceeds traceable to the commission of said offenses that the

defendant personally obtained.

FORFEITURE ALLEGATION AS TO COUNTS TWO, FOUR, AND SIXAs a result of committing the offenses alleged in

Counts Two, Four, and Six of this Indictment, GHDLAMREZARAFATNEJAD, EHSAN MOHAMMADI, KARIMA, a/k/a ?VahidKarima," MOSTAFA SADEGHI, SEYED ALI MIRKARIMI, MOHAMMED REZASABAHI, ROOZBEH SABAHI, ABUZAR GOHARI MOQADAM, and SAJJADTAHMASEBI, the defendants, shall forfeit to the united States,pursuant to Title 18, United States Code, Section and Title 28, United States Code, Section 2461(c), any and all

property, real and personal, which constitutes or is derived

23

from proceeds traceable to the commission said offenses,including but not limited to a sum of money in United Statescurrency representing the amount of proceeds traceable to thecommission of said offenses that the defendant personally

obtained.

Substitute Assets Provision

38. If any of the above?described forfeitableproperty, as a result of any act or omission of the defendant:a. cannot be located upon the exercise of duediligence;b. has been transferred or sold to, or

deposited with, a third person;

c. has been placed beyond the jurisdiction ofthe Court;

d. has been substantially diminished in value;or

e. has been commingled with other property

which cannot be subdivided without difficulty;it is the intent of the United States, pursuant to Title 21,United States Code, Section 853(p), and Title 28, United States

Code, Section 2461(c), to seek forfeiture of any other property

24

of the defendant up to the value of the above forfeitable

property.

(Title 18, United States Code, Sections 981 a 1030;Title 21, United States Code, Section 853; andTitle 28, United States Code, Section 2461.)